02-11-2016 07:31 AM - edited 02-11-2016 08:15 AM
I have an issue with my Global Protect Client when i set up to my PAN Firewall.
Version Client Global Protect 2.3.3-5
Version PAN 6.0.8
I have Zone Global Protect that all my users-clients GP are defined, I connect through the Untrust Interface that is my peer.
Also i have a Ip address Pool defined in my global Protec Zone 192.168.10.1-192.168.10.254, that means when i set up the GP in order to connect to my Office from Internet, the Firewall Assign to me an ip address which belongs to these pool.
The GP set up well, but after 10-15 minutes the traffic from my laptop (Internet with GP Connected ) to the Trust Zone is blocked,,, but The traffic from the Trust Zone to the Global Protect Zone, work well, i have no traffic blocked. i can reach well the ip address of the Laptop Global Protect Client frtom Trust to GP Zone....
I just have issue from Global Protect Zone to the Trust Zone, after few minutes i set up the GP Client
The GP Client always keep connected, but i have no traffic from Global Protect Zone to my trust, so if i want to have traffic well , i need to disconnect the GP Client and connect it again.
02-22-2016 10:04 AM
Hello, after i made a contact with Seller, they did the following re-configuration in my Firewall PAN-3050.
The issue is resolved . I have no failover in the connectivity between Global Protect Zone and Trust Zona
Network, Global Protect ,Portals, Portal Configuration, Authentication, Certificate Profile You Shoud Use NONE
Client Configuration, in trusted Root CA, We add the Root-CA-GP
Thanks a Lof
02-11-2016 08:39 AM
Have you tested with some other system? Try reinstalling and then reboot the device and install again. Have you checked the session details of the traffic from global protect to trust what it show?
02-11-2016 09:33 AM
Hello thans for your answer, i have checked with Windows 7, and Windows 8.1,with the same result,
Yes i uninstalled the Global protect, and reinstalled, rebooted, with the recent version and the problem continues.
When i send an icmp Ping Test from global Protect Client to the a specific ip address in Trust, i see in monitor-Traffic , the proper log. From Global Protect Zone to Trust UP.
But when i have the issue after 10-15 minutes, the traffic is blocked to the trust, in the section Monitor-Traffic does not appear any log. i would say the traffic of the Global Proect Agent Laptop never reach the Firewall.
However, the connectivy from Trust to the Global Protect Laptop always is UP .
02-11-2016 09:50 AM
Check
show session all filter source <GP user Ip> destination <Destination IP address>
Try using different version of GP 2.1.3, 2.3.2
02-22-2016 10:04 AM
Hello, after i made a contact with Seller, they did the following re-configuration in my Firewall PAN-3050.
The issue is resolved . I have no failover in the connectivity between Global Protect Zone and Trust Zona
Network, Global Protect ,Portals, Portal Configuration, Authentication, Certificate Profile You Shoud Use NONE
Client Configuration, in trusted Root CA, We add the Root-CA-GP
Thanks a Lof
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
